CVE-2025-14994

Name of the Vulnerable Software and Affected Versions Tenda FH1201 version 1.2.0.14(408) Tenda FH1206 version 1.2.0.14(408) Tenda FH1201 version 1.2.0.8(8155) Tenda FH1206 version 1.2.0.8(8155)

Description A flaw exists in the Tenda FH1201 and FH1206 routers. The issue resides in the strcat function within the /goform/webtypelibrary file of the HTTP Request Handler component. Manipulation of the webSiteId argument can trigger a stack-based buffer overflow, potentially allowing for remote exploitation. An exploit for this issue has been published.

Recommendations Tenda FH1201 version 1.2.0.14(408): At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tenda FH1206 version 1.2.0.14(408): At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tenda FH1201 version 1.2.0.8(8155): At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tenda FH1206 version 1.2.0.8(8155): At the moment, there is no information about a newer version that contains a fix for this vulnerability.